Skip to main content

Tutorial: How to Add Users to Your Access Server Using PAM

Abstract

Add VPN users for Access Server using pluggable authentication modules (PAM) on your Linux OS.

Overview

You can configure user credential authentication for Access Server with the system that suits your needs. Access Server supports PAM, LDAP, RADIUS, SAML, and local authentication. For more details, refer to the authentication system topic.

This topic provides an overview of using pluggable authentication modules (PAM) to authenticate Access Server users.

Prerequisites

  • An installed Access Server.

  • Console access and the ability to get root access.

Step 1: Connect to your server

You manage PAM authentication on the server, typically using the local user accounts in the operating system where you’ve installed Access Server. You can also use an authentication system on a separate server, as long as it’s reachable by Access Server.

  1. Connect to your server.

    • This can be established directly, using a terminal or bash, or via an application like PuTTY.

  2. Connect as a root user or gain root privileges with sudo.

Step 2: Add new users

  1. Add a user:

    adduser <USERNAME>
sacli --user <USERNAME> --key "type" --value "user_connect" UserPropPut

  2. Set the new user’s password or enter the user information as prompted (depending on your OS version):

    passwd <USERNAME>

  3. Repeat the commands to add more users.

For additional command-line tips for PAM, refer to Tutorial: Manage the PAM Authentication Method from the Command-line Interface.

Step 3: Enable PAM for Access Server authentication

You have two options for enabling PAM as the Access Server authentication: Using the Admin Web UI or the command-line interface. We describe each in the sections below.

Enable PAM in the Admin Web UI

You can enable PAM authentication using a web-based interface through the Admin Web UI for your Access Server. You can enable it as the default (global) authentication, for a group, or for individual users.

Enable PAM as the default authentication

  1. Sign in to the Admin Web UI.

  2. Click Authentication.

    • The General Settings tab displays.

  3. Select PAM from the Default authentication system drop-down.

  4. Click Save and Restart.

Enable PAM as the group authentication

  1. Sign in to the Admin Web UI.

  2. Click Groups.

  3. Click on the desired group.

  4. Select PAM from the Auth method drop-down.

  5. Click Save and Restart.

Enable PAM as a user's authentication

  1. Sign in to the Admin Web UI.

  2. Click Users.

  3. Click on the desired user.

  4. Select PAM from the Auth method drop-down.

  5. Click Save and Restart.

Enable PAM in the command-line interface

You can also manage PAM authentication with the commands referred to in this tutorial: Tutorial: Manage the PAM Authentication Method from the Command-line Interface.

In this section: